Abstract: By analyzing the database security audit mechanism, a type of database security audit system framework based on bypass monitoring is proposed and a system aiming at Oracle database is completed under the framework. This paper refers to the technology realization of network packet capture based on Java, TNS protocol analysis, SQL parsing and database security detection. An anomaly detection algorithm which can discover user’s normal behavior is also proposed. The experimental result shows that this system can audit Oracle database effectively in real time and can analyze the security of database operation.

Key words: database security audit, bypass monitoring, Transparent Network Substrate（TNS） protocol, Structured Query Language（SQL） parse, security detection

摘要： 通过分析数据库安全审计机制，提出一种基于旁路监听的数据库安全审计系统框架，并实现了针对Oracle数据库的安全审计系统。涉及Java网络抓包、TNS协议解析、SQL语法解析和数据库安全检测等技术实现，提出一种发现用户正常行为规则的异常检测算法。系统实验结果表明该系统能有效对Oracle数据库进行实时安全审计，并实现了数据库操作行为的安全检测。

关键词: 数据库安全审计, 旁路监听, 透明网络底层（TNS）协议, 结构化查询语言（SQL）语法解析, 安全检测